Incident Reporting

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: No
System requirements: Web Browser (Chrome, Firefox, Edge, Safari)

Android

IOS

User support

Email or online ticketing support: Email or online ticketing
Support response times: Monday to Friday during business hours. Email response time <24 hours, and calls <30 seconds.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard: WCAG 2.1 AAA
Web chat accessibility testing: Webchat is audited to the WCAG 2.1 guidelines.
Onsite support: Yes, at extra cost
Support levels: We offer customer success tiers that define the level of ongoing account management and technical support tailored to your needs. As standard, we provide email and phone support to handle all customer support-related queries. These tiers allow us to cater to different requirements, ensuring that every customer receives the appropriate level of service and support for their organisation.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: To help users start using our service effectively, we provide a comprehensive help centre that includes detailed user documentation and guides. For users seeking more personalised assistance, we offer additional support and training options which can be purchased according to our rate card or included as part of a customer success plan. These training services can be delivered online or on-site, depending on the specific needs and preferences of the user, ensuring a smooth onboarding process and optimal use of our service from the outset.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: At the end of the contract, users can extract their data using the front-end table views and bulk data export features available at any time. Additionally, we offer a data extract service for users who prefer a managed solution. This service is available at an additional cost, providing a convenient option for users to obtain their data securely and efficiently.
End-of-contract process: At the end of the contract, we typically offer a renewal option 3-6 months prior to the expiry. If the customer chooses not to continue, they have the ability to extract all their data using system options that allow downloads to CSV format, as data ownership always remains with the customer. For those requiring a more comprehensive data retrieval, a full copy of the structured data can be provided at an additional cost. This ensures that all data management needs are met, whether continuing with our service or transitioning away.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: Yes
Compatible operating systems: Android

IOS
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Yes, our service has been designed to work on mobile devices. The mobile app is specifically intended for workers to report safety incidents, near misses, or any similar events directly from their devices. However, full access to administrative functions and detailed analytics is exclusively available through the web portal, ensuring comprehensive management and oversight capabilities are maintained on the desktop service.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: Our web application is a self-maintained platform that allows users to comprehensively manage and review all reported incidents. Through the application, users can access detailed information on each incident, including its history and current status. This enables effective management of safety events, facilitating oversight and ensuring all incidents are addressed promptly and thoroughly.
Accessibility standards: None or don’t know
Description of accessibility: Software is accessible on the web (web application).
For users of assistive technology:

• There are no significant audio cues
• A vast majority of the interactive UI has text, which can be resized (browser permitting)
• Use of blue, red, and amber colours across the whole application
Accessibility testing: Currently, we've conducted no tests for users of assistive technology.
API: No
Customisation available: Yes
Description of customisation: Yes, our service can be customised to meet specific user needs. Customisation options are discussed with our project team prior to project initiation. Users can tailor various aspects of the service, including incident reporting forms, dashboard configurations, and workflow settings, to better fit their operational requirements. While customisation is optional and the service can be effectively used in its standard configuration, choosing to customise will involve implementation fees, which are clearly outlined on our rate card. This allows users to adjust the service based on their unique needs while being fully aware of the associated costs.

Scaling

Independence of resources: Our service is hosted using a multi-tenancy architecture, which adheres to the best practices of cloud development. We are ISO 27001 accredited, ensuring rigorous security standards. Our dedicated technical team continuously monitors our infrastructure's performance to guarantee that user demand does not affect the stability or speed of the service for others.

Analytics

Service usage metrics: Yes
Metrics types: We provide comprehensive usage metrics to the customer through in-application dashboards and reports, offering detailed insights into service utilisation and performance.
Reporting types: Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media

Other
Other data at rest protection approach: We protect data at rest by implementing stringent security measures in compliance with ISO 27001 standards. This includes the use of encrypted storage solutions and robust access controls to ensure data remains secure and inaccessible to unauthorised parties. Our ISO 27001 accreditation underscores our commitment to upholding high security practices across all data handling processes.
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Reports can de downloaded in CSV and PDF formats.

Also, data exports can be requested from our organisation in both .PDF or .CSV formats.
Data export formats: CSV

Other
Other data export formats: PDF
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: TLS (version 1.2 or above)

Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability: Vatix is committed to providing exceptional service, aiming for 100% connectivity and guaranteeing an availability of better than 99.9% for our solution. Historical data from the previous G-Cloud period shows that our hosted customers experienced an availability of better than 99.975%, excluding periods of scheduled maintenance. In the event that we do not meet these guaranteed levels of availability, service credits may be offered as defined in our service level agreements (SLAs). These SLAs outline the specifics of availability guarantees and the compensation mechanism through service credits, ensuring transparency and reliability for our users.
Approach to resilience: Our service is designed for resilience, fully adhering to ISO 27001 standards and utilising AWS infrastructure across multiple availability zones. We incorporate best practices for redundancy and resilience at both infrastructure and application layers, ensuring robust fault tolerance and continuous availability.
Outage reporting: Our service uses several methods to report any outages, ensuring timely and clear communication. We maintain a public dashboard that displays real-time service status and any outage information. In the unlikely event of a service outage, we proactively communicate with the technical contact of the customer via email to provide detailed updates and information on resolution progress. This approach ensures that our users are well-informed and can manage any service interruptions effectively.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: We restrict access to management interfaces and support channels through role-based access control (RBAC), ensuring only authorised personnel have access based on their job requirements. Authentication mechanisms, including multi-factor authentication, are employed to enhance security, with regular audits conducted to maintain compliance and integrity.
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: British Assessment Bureau
ISO/IEC 27001 accreditation date: 27/04/2022
What the ISO/IEC 27001 doesn’t cover: The services are within the scope of our ISO certification.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: CREST Certified Penetration Testing

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Our information security policies and processes are structured around our ISO 27001 accreditation, serving as the baseline for our Information Security Management System (ISMS). We have a dedicated information security team tasked with implementing and monitoring these policies throughout our organisation. To ensure compliance, we conduct regular training sessions and audits. Our approach includes continuous monitoring and improvement strategies to address evolving security threats effectively. Compliance with our security policies is mandatory for all staff, with clear accountability and escalation procedures in place to manage and rectify security issues promptly.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Our configuration and change management processes are integral to our ISMS, structured around ISO 27001 standards. We meticulously track the lifecycle of service components using a centralised management system, ensuring all assets are continually accounted for and reviewed. Changes to our systems and configurations undergo a rigorous assessment process to evaluate potential security impacts. This includes a preliminary risk assessment followed by testing in a controlled environment before deployment. Stakeholder reviews and approvals are mandatory for each change, with detailed documentation maintained for audit and compliance purposes, ensuring security integrity throughout the process.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Our vulnerability management process aligns with ISO 27001 standards, involving regular assessments of potential threats, including annual penetration testing by an external CREST-certified consultancy. We rapidly deploy patches, sourcing threat intelligence from reputable security channels, to maintain robust defenses against emerging security challenges.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: We employ industry-leading monitoring tools to identify potential compromises in our infrastructure and applications. Upon detection, our incident response team evaluates and responds swiftly, often within hours, to mitigate impacts. This proactive approach ensures rapid resolution and minimises disruption to services.
Incident management type: Supplier-defined controls
Incident management approach: Our organisation's incident management processes are structured around a comprehensive incident response plan led by our Head of Engineering. This ensures effective management and swift resolution of incidents. The plan and our incident management processes are audited annually as part of our ISO27001 certification, affirming our commitment to high standards of operational security and continuous improvement.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

Our commitment to fighting climate change is evidenced by our proactive environmental management policies. We operate a comprehensive recycling program ensuring that all hardware supplied is recycled at end-of-life, significantly reducing environmental impacts. Additionally, we actively manage the environmental footprint of our supply chain to support sustainable practices.

Covid-19 recovery

Our services are pivotal in supporting the UK's growing number of home and hybrid workers, particularly during the COVID-19 recovery phase. By providing best-in-class technology and support, we ensure that workers can operate safely and efficiently from various locations, enhancing emergency response capabilities for lone workers.

Tackling economic inequality

We are dedicated to tackling economic inequality by providing apprenticeship programs aimed at young individuals aspiring to careers in technology. These programs offer extensive training, support, and mentorship, enabling participants to gain valuable skills and opportunities for career advancement in high-growth sectors.

Equal opportunity

Our company is committed to fostering a diverse and inclusive workforce. We actively employ and support individuals with disabilities and other challenges, ensuring that all employees have equal opportunities to succeed and contribute to our success.

Wellbeing

Our comprehensive wellbeing program underscores our commitment to employee health and satisfaction. This includes offering health insurance and creating a highly ergonomic work environment. We ensure that all employees have access to the best ergonomic equipment, promoting comfort and wellbeing in the workplace.

Pricing

Price: £25,000 a licence a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Incident Reporting

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents